feishu-cli-media
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill enables the agent to read local files and upload them to a remote cloud service (Feishu). This is a high-impact vulnerability surface (Category 8: Indirect Prompt Injection). If the agent processes malicious instructions from an untrusted source, it could be tricked into exfiltrating sensitive files such as ~/.ssh/id_rsa, .env, or cloud provider credentials.
  - Evidence Ingestion Points: File paths provided to the upload subcommand and document tokens provided to the download subcommand.
  - Evidence Boundary Markers: Absent. The skill does not define delimiters or instructions to ignore embedded commands in the files it processes.
  - Evidence Capability Inventory: Uses Bash to execute feishu-cli for both upload (read + network send) and download (network receive + write) operations.
  - Evidence Sanitization: None. The skill assumes file paths and tokens are safe.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on the Bash tool to execute an external CLI (feishu-cli). While this is the intended purpose, the use of Bash to handle file paths and user-provided strings presents a risk of command injection if the underlying CLI doesn't handle arguments securely.
- [EXTERNAL_DOWNLOADS] (LOW): The skill depends on an external tool (feishu-cli) that is not part of the defined trusted sources list. While the skill does not explicitly install it, the dependency on an external binary of unknown origin for handling sensitive data is a risk factor.
Recommendations
- AI detected serious security threats
Audit Metadata